Splunk Search

Community Activity

How do I write the regex to extract a DNS domain field from my sample data? Hi : I need help extracting the domain IP address for the DNS logs. The automatic field extractor does not work in m... by OMohi Path Finder in Splunk Search 06-25-2019 0 9	0	9
What's ops.json in etc/system/replication? Hi, we removed some roles and checked on file level where these roles still have a reference. We found the file splu... by tfechner Path Finder in Splunk Search 06-25-2019 0 7	0	7
Cannot perform action "POST" without a target name Python Hello all, I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script: from y... by haraksin Communicator in Splunk Search 06-25-2019 0 4	0	4
Monitoring Critical Device Logging We are looking to take an enterprise level approach on the monitoring of critical device logging. We have a list of ... by antb Path Finder in Splunk Search 06-25-2019 0 3	0	3
How to remove this signal "-" and "OTHER" in results of a timechart? Hi Splunkers, I have this search bellow: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA ... by lucasdc New Member in Splunk Search 06-25-2019 0 4	0	4
tstats command help required for CIDR Hello Everyone, I am writing a query using tstats command need to use the CIDR values . Below is the example. \| tst... by sumitkathpal Explorer in Splunk Search 06-25-2019 0 3	0	3
Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve I can't seem to get Splunk to run the search necessary to create a choropleth map. Here is my search: index="main" h... by jrfreeze Explorer in Splunk Search 06-25-2019 0 1	0	1
Search not producing event types Hello. I am trying to get interactive logon logs for all workstations in an organization. The event code for this log... by insomniacnerd94 Explorer in Splunk Search 06-25-2019 0 2	0	2
How to include "-" in between a field value? I have a field lastrundate which has values 20190623 , 20190624 , 20190626. I want to include an "-" in between the... by vrmandadi Builder in Splunk Search 06-25-2019 0 2	0	2
eventstats into multi-value list limit of max values Is there a limit of max values in a multi-value field listSummary for \| eventstats list(variable) as listSummary b... by wfskmoney Path Finder in Splunk Search 06-25-2019 0 6	0	6
How to recreate a bar chart using values over a time period showing duration, start times, and stop times using the chart command? I am attempting to recreate a bar chart based on a start and stop time by workloads. Can anyone help me with the \| ... by thefakemike New Member in Splunk Search 06-25-2019 0 0	0	0
Test props and transforms from Splunk UI In Splunk when we add data via uploading file it gives UI to add and verify props.conf properties there, like timesta... by VatsalJagani SplunkTrust in Splunk Search 06-25-2019 0 5	0	5
How to use multiple saved searches for a single table Hi, We are using a table in our dashboard and its output is based on multiple saved search. How can I run multiple s... by AKG1_old1 Builder in Splunk Search 06-25-2019 0 2	0	2
Sample command limitations I noticed sample command in Splunk is limited in how many parameters can be used at the same time: https://docs.splun... by cosminstefanmar Explorer in Splunk Search 06-25-2019 2 9	2	9
How to group two field values into separate fields? I am working with data that is shared/backed up by two separate hosts. Each userID is linked to two hosts. When there... by bofasplunkguy Explorer in Splunk Search 06-25-2019 0 0	0	0
Two searches using three indexes with different fields I have this search below: index=BI_1 sourcetype=jobs_info fieldJ IN (Flamengo) \| search index=BI_2 sourcetype=tel_d... by nsantiago17 Explorer in Splunk Search 06-25-2019 0 4	0	4
Testing mmdb file in Splunk is there a command recommendation for risk scoring? I am currently attempting to test the GeoIP2-Anonymous-IP.mmdb file out in Splunk. I know we can either place it in ... by jjoh277 Engager in Splunk Search 06-25-2019 0 0	0	0
Using field option in join command If I get a search like below: index="main" ~~~~~ \| table _time value code \| join type=outer [search index="main" ~~~... by tkdguq0110 Path Finder in Splunk Search 06-25-2019 0 3	0	3
Is there a way to group apps in Splunk deployment? We have started to use the Splunk Deployment within in our infrastructure and I was wondering if there's a way (inclu... by d3ag0s Engager in Splunk Search 06-25-2019 0 2	0	2
Why is "�" character found in field values after uploading CSV file and indexing? Hi, After uploading csv file and indexing, I found out that most, if not all of my special characters becomes "�" wh... by dojiepreji Path Finder in Splunk Search 06-25-2019 0 3	0	3
How to save bracket syntax in a report Hi In my XML file, I use the syntax below which works perfectly \| search SITE=$tok_filtersite\|s$ But I need to... by jip31 Motivator in Splunk Search 06-25-2019 0 5	0	5
Help understanding real time searches Hello everyone, I think I don't fully understand the concept of real-time searches. If I configure a search as a rea... by astatrial Contributor in Splunk Search 06-25-2019 0 6	0	6
How to search for duration between events? Hello, Splunkers friends, I need your support; I have a script running on Splunk once at a day, it brings me passwor... by julian0125 Explorer in Splunk Search 06-25-2019 0 6	0	6
How to add custom start date and end date in splunk query (without the using splunk default date picker) ? Hi, I have to pass a custom 'startdate' and 'enddate' in Splunk query in the search tab (without the help of Splunk d... by sajithpm101 New Member in Splunk Search 06-24-2019 0 11	0	11
How to pass 0 to variable if no search result is found? I have scenario where I want variable (Loss) to be 0 if no result found of below search: \| dbxquery query="SELECT *... by ahmadsaadwarrai Explorer in Splunk Search 06-24-2019 0 1	0	1